Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(884)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/ssl_errors/error_info.cc

Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation (Closed)
Patch Set: Update build script Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« components/ssl_errors/error_classification_unittest.cc ('K') | « components/ssl_errors/error_classification_unittest.cc ('k') | net/BUILD.gn » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/ssl_errors/error_info.cc
diff --git a/components/ssl_errors/error_info.cc b/components/ssl_errors/error_info.cc
index 7ef291ebe4b443c39dadb389877a4c9481bce1fc..b1b388c5d6971e6a285d49d5cbbbd85c4a5a6648 100644
--- a/components/ssl_errors/error_info.cc
+++ b/components/ssl_errors/error_info.cc
@@ -32,22 +32,28 @@ ErrorInfo ErrorInfo::CreateError(ErrorType error_type,
base::string16 details, short_description;
switch (error_type) {
case CERT_COMMON_NAME_INVALID: {
- // If the certificate contains multiple DNS names, we choose the most
- // representative one -- either the DNS name that's also in the subject
- // field, or the first one. If this heuristic turns out to be
- // inadequate, we can consider choosing the DNS name that is the
- // "closest match" to the host name in the request URL, or listing all
- // the DNS names with an HTML <ul>.
std::vector<std::string> dns_names;
- cert->GetDNSNames(&dns_names);
- DCHECK(!dns_names.empty());
+ cert->GetSubjectAltName(&dns_names, NULL);
Ryan Sleevi 2017/03/31 14:51:34 nullptr ;)
elawrence 2017/03/31 16:09:41 Done.
+
size_t i = 0;
- for (; i < dns_names.size(); ++i) {
- if (dns_names[i] == cert->subject().common_name)
- break;
+ if (!dns_names.empty()) {
+ // If the certificate contains multiple DNS names, we choose the most
+ // representative one -- either the DNS name that's also in the subject
+ // field, or the first one. If this heuristic turns out to be
+ // inadequate, we can consider choosing the DNS name that is the
+ // "closest match" to the host name in the request URL, or listing all
+ // the DNS names with an HTML <ul>.
+ for (; i < dns_names.size(); ++i) {
+ if (dns_names[i] == cert->subject().common_name)
+ break;
+ }
+ if (i == dns_names.size())
+ i = 0;
+ } else {
+ // The certificate had no DNS names, use an empty string for display.
+ dns_names.push_back("\"missing_subjectAltName\"");
Ryan Sleevi 2017/03/31 14:51:34 readability suggestion: It's usually easier to put
elawrence 2017/03/31 16:09:41 Swapped. (Heh. That's how I had it originally, the
}
- if (i == dns_names.size())
- i = 0;
+
details = l10n_util::GetStringFUTF16(
IDS_CERT_ERROR_COMMON_NAME_INVALID_DETAILS,
UTF8ToUTF16(request_url.host()),
« components/ssl_errors/error_classification_unittest.cc ('K') | « components/ssl_errors/error_classification_unittest.cc ('k') | net/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698